GDPR

The European Union's General Data Protection Regulation (GDPR), which came into effect on May 25th, 2018, places stricter requirements on the manner in which organisations collect, store and process data. It also gives users more control over their personal data and requires companies to adhere to more comprehensive privacy policies.

Organisations that operate within the E.U. will have to abide by the GDPR, which applies to the storage of personal data relating to individuals residing, working or studying in the E.U. There are also enforcement mechanisms in place, such as large-scale enforcement orders or fines of up to 4% of global turnover.

GDPR Will Force Companies To Act Upon Security Breaches

According to Europol, cybercrime cost Europe over 4% of its GDP between 2016 and 2017, and it is projected that the figure will jump to 5.4% by 2022.

Organisations that handle personal data must comply with GDPR's security requirements. In particular, they must take reasonable steps to protect the data stored on their systems from unauthorised access and use. They also have to ensure that any unauthorised access to personal data is promptly detected and reported to the supervisory authority.

The GDPR gives users the right to be informed of data breaches that affect them and to have their consent requested for the processing of their personal data. In the case of a data breach, the organisation must notify the supervisory authority within 72 hours and inform the users as soon as possible. Furthermore, when a data breach occurs, the organisation must notify users and seek consent before using their personal data for any other purpose.

Ensuring Data Privacy In The Face Of Rising Deviations

The GDPR is also great for corporate governance, enhancing the ability of shareholders to hold companies accountable for data privacy. Businesses that handle personal data must ensure that the processing is consistent with the purposes for which the data were originally collected. Furthermore, organisations have to ensure that the personal data they process are adequate, relevant and not excessive in relation to the purposes for which they were collected.

This is a significant change from the current data privacy landscape, which is characterised by a lack of regulation and a growing trend of companies collecting data for multiple purposes without fully thinking through the implications. As a result, users often find themselves with an abundance of data that they did not consent to and that the organisations themselves admit they cannot adequately process without proper governance in place.

Data Privacy And The Blockchain

As the GDPR establishes new standards for data privacy, businesses have the opportunity to revisit their data collection processes and determine whether or not they can be completely digital. In particular, blockchain technology enables businesses to collect and process data without putting their compliance obligations for sensitive personal information at risk. With the GDPR and the increasing prevalence of cryptocurrencies, businesses have the chance to adopt a completely digital approach to consumer data collection and ensure that their customers' privacy is respected at every stage of the purchasing process.

One of the greatest things about the GDPR is that it is technology-neutral. This means that the regulation does not discriminate against the use of new technologies and does not preclude the possibility of using emerging technologies in a safe and compliant manner. Furthermore, it promotes the development of open standards and technology, providing an opportunity for innovative services and useful products to emerge.

With the increasing adoption of cloud computing, remote desktop computing and online collaboration tools, it is easier for businesses to operate from anywhere in the world. This flexibility has huge benefits for customers, who can access a company's services regardless of their location, and for businesses, which can offer their services to a wider audience.

GDPR Provides A More Realistic Perspective On Data Privacy

Prior to the GDPR, regulators and legislators established various data privacy regulations, mostly governing the collection, use and storage of medical and financial data. For example, the United Kingdom's Health and Social Care Act 2016 requires organisations that handle health data to implement appropriate procedures for dealing with such data and to take into account the impact on the individuals to whom the data relates.

The GDPR provides a more realistic perspective on data privacy by placing it on an equal footing with other key areas of corporate governance. The regulations stipulate that businesses must take reasonable steps to protect the confidentiality of personal data and apply appropriate data protection measures. They must also enable users to have effective controls over the processing of their personal data and be able to determine the purposes and the recipients of the data they submit.

This is because the vast majority of personal data will be stored and processed by organisations that are not regulated in any way and cannot be held accountable for the manner in which they handle the data. The GDPR sets a new benchmark for data privacy and provides customers with increased confidence that their personal data will be protected and no unauthorised use will occur.

Organisations that operate within the financial services sector will be familiar with the Payment Service Directive (PSD2), which came into effect in 2016 and applies to the storage of cardholder data. However, beyond the scope of PSD2 and entirely within the GDPR, organisations have numerous data privacy obligations, including the requirement to establish procedures for ensuring the appropriate handling of personal data and to regularly review and revise these procedures.

Preparing For The Future Of Data Privacy

Although the GDPR will undoubtedly change the game in terms of how organisations approach data privacy, it does not address all of the challenges that lie ahead. Continued data privacy legislation, and increased consumer awareness of the risks people incur by allowing their data to be collected and stored by third parties, remain vital. For example, there is currently no overarching data privacy law in Australia, and the issue is being debated in parliament. Furthermore, the Australian Privacy Amendment (Data Protection) Act 2018 will only provide limited additional protections to Australian citizens, rather than establishing new universal privacy protections.

It is clear that, while the GDPR provides a firm foundation for the protection of personal data and introduces new risks and challenges, it also sets a foundation for the future of data privacy. In the coming months and years, as we continue to grapple with the risks and implications of the COVID-19 pandemic for data privacy, we will inevitably look to the GDPR for guidance.
